Attention please! Here is the shortcut to pass your newest 212-89 VCE exam. Getting well prepared for the ECIH (Mar 29, 2022) 212-89 EC-Council Certified Incident Handler exam is a hard job, but don't worry: we provide the most up-to-date 212-89 dumps. With our latest 212-89 dumps, you will pass the ECIH 212-89 EC-Council Certified Incident Handler exam in an easy way.

We at Geekcert have our own expert team. They selected and published the latest 212-89 preparation materials from the Official Exam-Center.

The following are the 212-89 free dumps. Go through them and check the validity and accuracy of our 212-89 dumps. The 212-89 free dumps are questions taken from the latest full 212-89 dumps. Check the 212-89 free questions to get a better understanding of the 212-89 exam.

Question 1:

Which of the following terms may be defined as "a measure of possible inability to achieve a goal, objective, or target within a defined security, cost plan and technical limitations that adversely affects the organization's operation and revenues"?

A. Risk

B. Vulnerability

C. Threat

D. Incident Response

Correct Answer: A

Question 2:

The goal of incident response is to handle the incident in a way that minimizes damage and reduces recovery time and cost. Which of the following does NOT constitute a goal of incident response?

A. Dealing with human resources department and various employee conflict behaviors.

B. Using information gathered during incident handling to prepare for handling future incidents in a better way and to provide stronger protection for systems and data.

C. Helping personnel to recover quickly and efficiently from security incidents, minimizing loss or theft and disruption of services.

D. Dealing properly with legal issues that may arise during incidents.

Correct Answer: A

Question 3:

An organization faced an information security incident where a disgruntled employee passed sensitive access control information to a competitor. The organization's incident response manager, upon investigation, found that the incident must be handled within a few hours on the same day to maintain business continuity and market competitiveness. How would you categorize such an information security incident?

A. High level incident

B. Middle level incident

C. Ultra-High level incident

D. Low level incident

Correct Answer: A

Question 4:

Business continuity is defined as the ability of an organization to continue to function even after a disastrous event, accomplished through the deployment of redundant hardware and software, the use of fault-tolerant systems, as well as a solid backup and recovery strategy. Identify the plan which is a mandatory part of a business continuity plan.

A. Forensics Procedure Plan

B. Business Recovery Plan

C. Sales and Marketing plan

D. New business strategy plan

Correct Answer: B

Question 5:

The flow chart gives a view of different roles played by the different personnel of CSIRT. Identify the incident response personnel denoted by A, B, C, D, E, F and G.

A. A-Incident Analyst, B- Incident Coordinator, C- Public Relations, D-Administrator, E- Human Resource, F-Constituency, G-Incident Manager

B. A- Incident Coordinator, B-Incident Analyst, C- Public Relations, D-Administrator, E- Human Resource, F-Constituency, G-Incident Manager

C. A- Incident Coordinator, B- Constituency, C-Administrator, D-Incident Manager, E- Human Resource, F-Incident Analyst, G-Public relations

D. A- Incident Manager, B-Incident Analyst, C- Public Relations, D-Administrator, E- Human Resource, F- Constituency, G-Incident Coordinator

Correct Answer: C

Question 6:

A computer risk policy is a set of ideas to be implemented to overcome the risk associated with computer security incidents. Identify the procedure that is NOT part of the computer risk policy.

A. Procedure to identify security funds to hedge risk

B. Procedure to monitor the efficiency of security controls

C. Procedure for the ongoing training of employees authorized to access the system

D. Provisions for continuing support if there is an interruption in the system or if the system crashes

Correct Answer: C

Question 7:

Identify the network security incident where intended authorized users are prevented from using a system, network, or application by flooding the network with a high volume of traffic that consumes all available network resources.

A. URL Manipulation

B. XSS Attack

C. SQL Injection

D. Denial of Service Attack

Correct Answer: D

Question 8:

Identify the malicious program that is masked as a genuine, harmless program and gives the attacker unrestricted access to the user's information and system. These programs may unleash dangerous programs that may erase the unsuspecting user's disk and send the victim's credit card numbers and passwords to a stranger.

A. Cookie tracker

B. Worm

C. Trojan

D. Virus

Correct Answer: C

Question 9:

Risk is defined as the probability of the occurrence of an incident. Risk formulation generally begins with the likelihood of an event's occurrence and the harm it may cause, and is usually denoted as Risk = (Events) × (Probability of occurrence) × ?

A. Magnitude

B. Probability

C. Consequences

D. Significance

Correct Answer: A

Question 10:

Computer forensics is a methodical series of techniques and procedures for gathering evidence from computing equipment, various storage devices and/or digital media that can be presented in a court of law in a coherent and meaningful format. Which one of the following is the appropriate flow of steps in the computer forensics process?

A. Examination> Analysis > Preparation > Collection > Reporting

B. Preparation > Analysis > Collection > Examination > Reporting

C. Analysis > Preparation > Collection > Reporting > Examination

D. Preparation > Collection > Examination > Analysis > Reporting

Correct Answer: D

Question 11:

Multiple component incidents consist of a combination of two or more attacks in a system. Which of the following is not a multiple component incident?

A. An insider intentionally deleting files from a workstation

B. An attacker redirecting a user to a malicious website and infecting the user's system with a Trojan

C. An attacker infecting a machine to launch a DDoS attack

D. An attacker using an email with malicious code to infect an internal workstation

Correct Answer: A

Question 12:

The network perimeter should be configured in such a way that it denies all incoming and outgoing traffic/services that are not required. Which service listed below, if blocked, can help in preventing a Denial of Service attack?

A. SAM service

B. POP3 service

C. SMTP service

D. Echo service

Correct Answer: D

Question 13:

A US Federal agency network was the target of a DoS attack that prevented and impaired the normal authorized functionality of the networks. According to the agency's reporting timeframe guidelines, this incident should be reported within two hours of discovery/detection if the successful attack is still ongoing and the agency is unable to successfully mitigate the activity. Which incident category of the US Federal Agency does this incident belong to?

Correct Answer: C

Question 14:

US-CERT and Federal civilian agencies use the reporting timeframe criteria in the federal agency reporting categorization. What is the timeframe required to report an incident under the CAT 4 Federal Agency category?

A. Weekly

B. Within four (4) hours of discovery/detection if the successful attack is still ongoing and the agency is unable to successfully mitigate the activity

C. Within two (2) hours of discovery/detection

D. Monthly

Correct Answer: A

Question 15:

Policies are designed to protect the organizational resources on the network by establishing a set of rules and procedures. Which of the following policies authorizes a group of users to perform a set of actions on a set of resources?

A. Access control policy

B. Audit trail policy

C. Logging policy

D. Documentation policy

Correct Answer: A